A quarter of S&P 500 companies may have a compromised cybersecurity posture, suggests new research from BitSight, a specialist in cybersecurity ratings. Recent analysis from the company found that 25 percent of S&P 500 companies have at least one Single Sign-On (SSO) credential for sale on the dark web, an exposure affecting half of the top 20 most valuable public US companies.
BitSight began its analysis in January of this year, and says it has since “observed steady growth” in the number of public companies whose SSO credentials have appeared for sale on dark web channels. To be clear, the credentials have not all been tested by BitSight; but even if only a tenth of them are legitimate, that represents a serious cumulative security threat against a huge attack surface of the US economy.
Breaking down the affected organizations by industrial sector, BitSight found that the technology sector was the biggest victim, accounting for over a quarter of exposed SSO credentials. Manufacturing was a distant second.
“Credentials can be relatively trivial to steal from organizations, and many organizations are unaware of the critical threats that can arise specifically from stolen SSO credentials,” commented BitSight co-founder and CTO Stephen Boyer. “These findings should raise awareness and motivate prompt action to become better acquainted with these threats.”
As for how to counter the threats, BitSight offers a number of recommendations, including the use of adaptive multi-factor authentication that dynamically changes authentication requirements based on contextual parameters such as geolocation; and the use of U2F security keys. Businesses should also be careful to assess the security posture of their third-party vendors, which themselves can become an attack vector through their own cybersecurity vulnerabilities.
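To make the "adaptive multi-factor authentication" recommendation concrete, here is an added example (not BitSight's code or any product's implementation) of how an SSO gateway might score a sign-in attempt from contextual signals such as geolocation and step up to a stronger factor, including a U2F hardware key, as the risk rises. The risk weights, thresholds, field names and sample sign-in attempts are all constructed for illustration.

```python
"""Added example: a small adaptive-MFA policy for an SSO gateway.

Each sign-in attempt is scored from context (country change, unknown device,
"impossible travel", off-hours use); the score decides which factors to demand.
Weights and thresholds are constructed assumptions, not tuned values.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed risk weights; a real deployment would tune these from its own data.
WEIGHT_NEW_COUNTRY = 40
WEIGHT_UNKNOWN_DEVICE = 30
WEIGHT_IMPOSSIBLE_TRAVEL = 60
WEIGHT_OFF_HOURS = 10

# Score thresholds (assumed) at which the gateway steps up authentication.
STEP_UP_TOTP = 30   # require a second factor (e.g. TOTP app)
STEP_UP_U2F = 60    # require a phishing-resistant U2F security key
DENY = 100          # refuse the attempt even with a valid password


@dataclass
class SignInContext:
    user: str
    country: str
    device_known: bool
    timestamp: datetime
    last_country: Optional[str] = None   # country of the last successful session
    last_seen: Optional[datetime] = None  # time of the last successful session


def risk_score(ctx: SignInContext) -> int:
    """Sum the constructed weights for every risky signal present in the attempt."""
    score = 0
    if ctx.last_country is not None and ctx.country != ctx.last_country:
        score += WEIGHT_NEW_COUNTRY
        # "Impossible travel": a country change within an hour of the last
        # session is a strong sign the credential is being used by someone
        # other than its owner (exactly the case for a purchased SSO login).
        if ctx.last_seen is not None and ctx.timestamp - ctx.last_seen < timedelta(hours=1):
            score += WEIGHT_IMPOSSIBLE_TRAVEL
    if not ctx.device_known:
        score += WEIGHT_UNKNOWN_DEVICE
    if ctx.timestamp.hour < 6 or ctx.timestamp.hour >= 22:
        score += WEIGHT_OFF_HOURS
    return score


def required_factors(ctx: SignInContext) -> list:
    """Return the factors the gateway should demand, or ["deny"]."""
    score = risk_score(ctx)
    if score >= DENY:
        return ["deny"]
    if score >= STEP_UP_U2F:
        return ["password", "u2f"]
    if score >= STEP_UP_TOTP:
        return ["password", "totp"]
    return ["password"]


def demo_decisions() -> dict:
    """Run the policy over constructed sample attempts; returns {scenario: factors}."""
    noon = datetime(2024, 5, 6, 12, 0, tzinfo=timezone.utc)
    night = datetime(2024, 5, 6, 23, 30, tzinfo=timezone.utc)
    days_ago = noon - timedelta(days=3)
    minutes_ago = noon - timedelta(minutes=30)
    attempts = {
        "usual_device_usual_country": SignInContext("alice", "US", True, noon, "US", days_ago),
        "unknown_device": SignInContext("alice", "US", False, noon, "US", days_ago),
        "new_country_after_days": SignInContext("alice", "DE", True, noon, "US", days_ago),
        "new_country_unknown_device_night": SignInContext("alice", "DE", False, night, "US", days_ago),
        "impossible_travel": SignInContext("alice", "DE", True, noon, "US", minutes_ago),
    }
    return {name: required_factors(ctx) for name, ctx in attempts.items()}


if __name__ == "__main__":
    for name, factors in demo_decisions().items():
        print(f"{name:36s} -> {', '.join(factors)}")
```

The point of the design is that a credential bought on the dark web is almost always replayed from an unfamiliar device or location, so the very signals that cost a legitimate user nothing are what force the step-up; requiring a U2F key at the high end matters because the key's response is bound to the real site's origin, so a password harvested through a look-alike login page cannot be completed without it.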